CVE-2022-1115 - OpenCVE

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Imagemagick	Imagemagick

Configuration 1 [-]

OR	cpe:2.3:a:imagemagick:imagemagick::::::::
	cpe:2.3:a:imagemagick:imagemagick::::::::

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2022-1115
https://bugzilla.redhat.com/show_bug.cgi?id=2067022
https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09
https://github.com/ImageMagick/ImageMagick/issues/4974
https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51
https://nvd.nist.gov/vuln/detail/CVE-2022-1115
https://www.cve.org/CVERecord?id=CVE-2022-1115

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-29T14:03:06

Updated: 2024-08-02T23:55:23.492Z

Reserved: 2022-03-28T00:00:00

Link: CVE-2022-1115

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-29T15:15:10.297

Modified: 2022-09-06T14:09:41.627

Link: CVE-2022-1115

Redhat

Severity : Moderate

Publid Date: 2022-03-22T00:00:00Z

Links: CVE-2022-1115 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "ImageMagick", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in ImageMagick6 v6.9.12-44, ImageMagick7 v7.1.0-29"}]}], "descriptions": [{"lang": "en", "value": "A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer.", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-29T14:03:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067022"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/issues/4974"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-1115"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ImageMagick", "version": {"version_data": [{"version_value": "Fixed in ImageMagick6 v6.9.12-44, ImageMagick7 v7.1.0-29"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer."}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2067022", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067022"}, {"name": "https://github.com/ImageMagick/ImageMagick/issues/4974", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/4974"}, {"name": "https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09"}, {"name": "https://access.redhat.com/security/cve/CVE-2022-1115", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-1115"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:23.492Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067022"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ImageMagick/ImageMagick/issues/4974"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-1115"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1115", "datePublished": "2022-08-29T14:03:06", "dateReserved": "2022-03-28T00:00:00", "dateUpdated": "2024-08-02T23:55:23.492Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "62ED872E-70D8-4736-9876-F307A77839D4", "versionEndExcluding": "6.9.12-44", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A56872F-F8A5-4447-8D18-8DA94072BD22", "versionEndExcluding": "7.1.0-29", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service."}, {"lang": "es", "value": "Se ha encontrado un fallo de desbordamiento del b\u00fafer de la pila en la funci\u00f3n PushShortPixel() de ImageMagick del archivo quantum-private.h. Esta vulnerabilidad es desencadenada cuando un atacante pasa un archivo de imagen TIFF especialmente dise\u00f1ado a ImageMagick para su conversi\u00f3n, lo que puede conllevar a una denegaci\u00f3n de servicio"}], "id": "CVE-2022-1115", "lastModified": "2022-09-06T14:09:41.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-29T15:15:10.297", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-1115"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067022"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/issues/4974"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Secondary"}]}